[Webkit-unassigned] [Bug 12658] New: CrashTracer: 3 crashes in Safari at com.apple.WebCore: WebCore::Element::setAttribute + 58
bugzilla-daemon at webkit.org
Tue Feb 6 23:31:01 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12658
Summary: CrashTracer: 3 crashes in Safari at com.apple.WebCore:
WebCore::Element::setAttribute + 58
Product: WebKit
Version: 420+ (nightly)
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P1
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mjs at apple.com
2006-11-28 23:02:04 CrashTracer System:
PLEASE NOTE: This crash was automatically generated based on user crash
reports. Go here to learn how to deal with it:
http://howto.apple.com/db.cgi?CrashTracer
* APPLICATION: Safari
* CRASH: com.apple.WebCore: WebCore::Element::setAttribute + 58
* MORE INFORMATION:
http://crashtracer.apple.com/detail.php?crash_id=5616952&app=Safari&build=9A288
(may not immediately have data)
This crash was escalated to Radar by the CrashTracer System because an internal
user explicitly requested it. The user provided the following comments:
Was browsing audible.com and tried to view a preview
Possible third-party binary images occurring in over 75% in processes that
crashed here:
100.00% (2 of 2) GLEngine ??? (???)
/System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
100.00% (2 of 2) GLRendererFloat ??? (???)
/System/Library/Frameworks/OpenGL.framework/Resources/GLRendererFloat.bundle/GLRendererFloat
100.00% (2 of 2) com.macromedia.Flash Player.plugin 8.0.27 (1.0.2f27)
/Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player
Summary of a selection of backtraces attributed to this bug. The stack frame
considered to be the unique "crash point" is highlighted ==> like this <==.
This frame is used for aggregation when filing these bugs and does not
necessarily imply fault.
1 page zero:
==> 2 com.apple.WebCore: WebCore::Element::setAttribute + 58 <==
2 com.apple.WebCore: WebCore::Element::setAttribute + 47
2 com.apple.WebCore: WebCore::HTMLImageElement::setHeight + 64
2 com.apple.WebCore: KJS::ImageConstructorImp::construct + 287
2 com.apple.JavaScriptCore: KJS::NewExprNode::evaluate + 540
2 com.apple.JavaScriptCore: KJS::VarDeclNode::evaluate + 62
2 com.apple.JavaScriptCore: KJS::VarDeclListNode::evaluate + 47
2 com.apple.JavaScriptCore: KJS::VarStatementNode::execute + 130
2 com.apple.JavaScriptCore: KJS::SourceElementsNode::execute + 177
2 com.apple.JavaScriptCore: KJS::BlockNode::execute + 74
2 com.apple.JavaScriptCore: KJS::DeclaredFunctionImp::execute + 52
2 com.apple.JavaScriptCore: KJS::FunctionImp::callAsFunction + 343
2 com.apple.JavaScriptCore: KJS::JSObject::call + 135
2 com.apple.JavaScriptCore: KJS::FunctionCallResolveNode::evaluate + 606
2 com.apple.JavaScriptCore: KJS::ExprStatementNode::execute + 130
2 com.apple.JavaScriptCore: KJS::SourceElementsNode::execute + 177
2 com.apple.JavaScriptCore: KJS::BlockNode::execute + 74
2 com.apple.JavaScriptCore: KJS::DeclaredFunctionImp::execute + 52
2 com.apple.JavaScriptCore: KJS::FunctionImp::callAsFunction + 343
2 com.apple.JavaScriptCore: KJS::JSObject::call + 135
1 com.apple.WebCore: KJS::JSAbstractEventListener::handleEvent + 1107
+-1 com.apple.WebCore: WebCore::EventTargetNode::handleLocalEvents + 182
+---1 com.apple.WebCore: WebCore::EventTargetNode::dispatchGenericEvent + 978
+-----1 com.apple.WebCore: WebCore::EventTargetNode::dispatchEvent + 179
+-------1 com.apple.WebCore: WebCore::EventTargetNode::dispatchMouseEvent + 466
+---------1 com.apple.WebCore: WebCore::EventTargetNode::dispatchMouseEvent + 142
+-----------1 com.apple.WebCore: WebCore::FrameView::dispatchMouseEvent + 361
+-------------1 com.apple.WebCore: WebCore::FrameView::handleMouseReleaseEvent + 614
+---------------1 com.apple.WebCore: WebCore::FrameMac::mouseUp + 217
+-----------------1 com.apple.WebKit: -[WebHTMLView mouseUp:] + 210
+-------------------1 com.apple.AppKit: -[NSWindow sendEvent:] + 5516
+---------------------1 com.apple.Safari: -[Window sendEvent:]
+-----------------------1 com.apple.AppKit: -[NSApplication sendEvent:] + 2837
+-------------------------1 com.apple.Safari: -[BrowserApplication sendEvent:]
+---------------------------1 com.apple.AppKit: -[NSApplication run] + 847
+-----------------------------1 com.apple.AppKit: NSApplicationMain + 663
+-------------------------------1 com.apple.Safari: __start
+---------------------------------1 com.apple.Safari: start
+-----------------------------------1 page zero: 0x2
+-------------------------------------1 Main thread
pruning: 1 com.apple.WebCore: KJS::JSAbstractEventListener::handleEvent + 1202
Some of the most recent comments:
* 7044219: Clicking on NetFlix preview.
Overall this crash was reported 2 times in OS builds 9A270 to 9A288, Safari
versions 521.26.2 to 521.28.2. Of these crashes, 1 was in the latest OS build,
9A288, and 1 was in the latest Safari version, 521.28.2.

2006-12-07 14:35:20 Stephanie Lewis:
Looks like 4662801 but that was supposed to be fixed in Leopard 9A268 and these
were later.

2006-12-08 13:06:52 David Harrison:
Deferring crashtracers with fewer than 100 instances.

2007-01-05 13:16:20 Stephanie Lewis:
4910230 is a reproducible duplicate
* STEPS TO REPRODUCE
1. Go to the site:
http://diane.zaadz.com/blog/tags/macdougalls+pride

2007-01-08 13:50:37 Stephanie Lewis:
Safari BRB Reviewed

2007-01-15 13:50:47 Alice Liu:
Safari blocker reviewed

2007-01-15 13:51:16 John Sullivan:
Can still repro with tip of tree on Tiger.

2007-01-22 13:32:58 Beth Dakin:
I cannot reproduce with today's Tip of Tree on Tiger. John is pulling fresh
sources so that he can try again too. Moving to Verify.

2007-01-22 14:38:30 John Sullivan:
Unfortunately the crash still happens for me at the same spot with the very
latest sources on Tiger.

2007-01-22 14:49:33 John Sullivan:
My Tiger machine is a G5. I can also repro on Leopard 9A347 on my MacBook Pro.

2007-01-27 18:42:06 Beth Dakin:
I was able to get this to crash after a long, long time with Guard Malloc
enabled, but it crashed in a different place. Very mysterious. I think I am
going to have to reduce this one on a machine where it is more easily
reproducible.

<rdar://problem/4853984>